Shipping Industry remains “easy target”, costs from cyberattacks soar: report

The maritime industry remains an easy target for cybercriminals, with the cost of attacks and demand for ransom payments across the sector increasing significantly over the past 12 months.

The report from sector-focused law firm HFW and maritime cyber security company CyberOwl, found that a cyberattack in the maritime industry now ends up costing the target organization an average of $550,000 – up from $182,000 in 2022.

The report was based on a survey of more than 150 industry professionals. It revealed significant gaps in cyber risk management that existed across shipping organizations and the wider supply chain, despite progress made by IMO 2021.

The research was carried out by the maritime technology research agency Thetius.

Just under a quarter of the victims were tricked into transferring funds.

Despite the costs most shipping organisations a third of companies spent less than $100,000 a year in cyber security management:

A quarter of survey respondents said their organisation does not have insurance to cover cyber risk.

Tom Walters, Partner at HFW, said that “our findings show that, while maritime cyber security has improved, the industry remains an easy target. Shipping organisations are being subject to more cyberattacks than ever before, and the cost of attacks and demand for ransom payments have skyrocketed. And as the use of technology continues to increase across all aspects of shipping – from ship networks to offshore installations and shoreside control centres – so does the potential for cybersecurity breaches”.

Walters observed that “maritime operational technology and fleet operations management were now almost entirely digital, meaning that a cyberattack could compromise anything from vessel communication systems and navigation suites to the systems managing ballast water, cargo management, and engine monitoring and control. “Failure of any of those systems could result in a vessel being stranded and potentially grounded”, Walters said.

Daniel Ng, CEO at  CyberOwl. Said that “the good news is that the conversation on vessel cyber risk management has clearly shifted away from the ‘why’ towards the ‘how’. There is less scepticism about the need to manage the risk, more thoughtfulness on how best to spend each dollar in shoring up defences.”

However, Ng noted that the challenge for the change agents in shipping was that they were dealing with new risks in a new domain under sector-specific constraints. “All of this in an environment where shipping companies are still too secretive to share benchmarks and best practice widely. The sector must make the most of the specialist expertise available. And those with specialist maritime cyber security knowledge must do more to share knowledge of risks and best practice”, Ng said.

Nick Chubb, Managing Director at Thetius, said that “our research shows that the industry has improved dramatically in a short space of time. But it also shows that cybercriminals are evolving faster. The costs of cyber-attacks are growing. The impact that can be created in the global supply chain by exploiting a single easy target means the entire maritime industry needs to raise the bar.”